METHOD AND APPARATUS FOR REVOCATION LIST MANAGEMENT

Field of the Invention 

The present invention relates generally to the field of consumer
electronics devices, and more particularly to techniques for controlling
access to digital recordings and other types of content material via
consumer electronics devices.

Background of the Invention 

A number of different copy protection techniques have been
developed for protecting digital recordings and other types of
copyrighted content material from unauthorized use. In many such
techniques, the content material is encrypted such that it can only be
decrypted using a key accessible to a compliant device. For example,
an access control system for copy-protected content material may
effect a key exchange with the particular compliant device, using a
Diffie-Hellman key exchange or other public key cryptography
technique. The access control system then uses the exchanged key to
encrypt a decryption key for decrypting the content material, and
supplies the decryption key to the device.

In this manner, only the intended compliant device can decrypt
the content material. Generally, the access control system does not
undertake the key exchange until after the particular compliant device
identifies itself, and, in most cases, authenticates this
identification, typically via an encrypted signature that can be
verified. Other copy protection techniques that rely in whole or in
part upon an identification of a receiver or other device are common
in the art.

An adversary of the above-described access control system can
subvert the copy protection technique by imitating a compliant device.
That is, techniques are common in the art for replicating a compliant
device, such that, in operation, the replicated device is virtually
indistinguishable from the original. A common unauthorized business
practice is the sale of "black market" or "pirated" imitations of
replicated compliant devices that are intended for use in gaining
unauthorized access to copy-protected content material.

In order to counteract such an adversary, device manufacturers,
content providers and other issuing authorities typically publish
revocation lists, itemizing each identifier that has been determined
to be no longer valid. In principle, the access control system
receives an identifier from the intended receiving device, compares
this identifier to the list of all invalidated identifications, then
grants or denies access accordingly. Each issuing authority
periodically publishes a list of the recently revoked identifiers, and
this list is communicated to each access control system, using a
variety of techniques.

For example, if the access control system is a set-top box that
only provides broadcast content material to a compliant recorder or
display device, the revocation list can be transmitted to the set-top
box from the provider of the broadcast services. If the access
control system is a consumer digital versatile disk (DVD) player that
only plays back a DVD to a compliant display device, the latest
revocation list can be embedded within commercial DVD recordings.
When the user of the DVD player plays a recently purchased or rented
DVD recording, the DVD player reads the embedded list. When the
access control system receives a new revocation list, it updates a
locally stored list of revocations accordingly. Because the local
revocation list at the access control system is of finite size, each
access control system is typically configured to delete the oldest
revocations when space is required for newer revocations.

A significant drawback of conventional techniques for managing
the above-described revocation lists is the amount of computation time
and other access control system resources required to determine if a
given entity has been revoked. For example, it is generally necessary
when using the conventional list management techniques to implement a
complete search of a revocation list in order to determine if a given
entity initiating communication is authorized to do so. In addition,
each time a local revocation list in an access control system is
modified, separate determinations generally must be made for a number
of other devices, even though the system may be regularly in contact
with these devices.

A need therefore exists for improved techniques for managing
revocation lists, such that the amount of system resources consumed
in the list management process is reduced.

Summary of the Invention

The invention provides methods and apparatus for management of
revocation lists in an access control system. In accordance with the
invention, access to information is controlled by maintaining, for a
given device or other entity through which information may be
accessed, a contact list that includes information identifying one or
more other entities which have attempted to communicate with the given
entity. The contact list is utilized in conjunction with a revocation
list, e.g., a local revocation list stored in a memory associated with
the given entity, in order to determine which of the other entities
are authorized to communicate with the given entity.

The contact list includes a number of entries, each entry having
at least an identifier of a particular one of the other entities and
a corresponding revocation flag indicating whether the particular
entity has been revoked. The contact list may be updated after a
modification of the local revocation list. In this case, all of the
entities in the contact list that do not have their corresponding
revocation flag set are identified, and a determination is made as to
whether each identified entity is on a local revocation list. If such
an entity is determined to be on the modified local revocation list,
its revocation flag in the contact list is set.

The contact list may also be updated if a new entity not already
included in the contact list attempts to communicate with the given
entity. In this case, an entity identifier for the new entity is
stored in the contact list if there is sufficient space available in
the contact list, and the revocation flag for the new entity is set if
that entity is determined to be on the current local revocation list.

If there is insufficient space in the contact list for the new
entity, an existing entry may be selected using a random or
pseudo-random process, and the selected entry overwritten with the new
entity information.

In accordance with another aspect of the invention, the contact
list may be configured such that the revocation flag of a particular
entry may not be cleared once that flag has been set, as long as that
entry remains in the contact list. In addition, a digital signature
may be periodically generated for at least a portion of the contact
list, with the digital signature being updated each time the contact
list is updated.

In accordance with a further aspect of the invention, each of at
least a subset of the other entities may store its own contact list
for use in revocation list management, such that the contact list for
each entity includes entries corresponding to other entities which
have attempted to communicate with that entity.

Advantageously, the invention substantially improves the
efficiency of the revocation list management process, and thereby
considerably reduces the amount of computation time and other system
resources consumed in access control operations. These and other
features and advantages of the present invention will become more
apparent from the accompanying drawings and the following detailed
description.

Brief Description of the Drawings 

FIG. 1 is a block diagram of an exemplary access control system 
in which the present invention may be implemented. 

FIG. 2 illustrates the manner in which published revoked
identifiers may be supplied to the access control system of FIG. 1.

FIG. 3 shows an example of a contact list that is maintained by
the access control system of FIG. 1 in accordance with an illustrative
embodiment of the invention.

FIGS. 4 and 5 are flow diagrams illustrating update operations
performed in conjunction with the contact list of FIG. 3 in the
illustrative embodiment of the invention.

Detailed Description of the Invention 

For purposes of simplicity and clarity of illustration, the
present invention is described herein using consumer entertainment
applications involving, e.g., access control techniques used to
control access to pay-per-view or other broadcast transmissions, or
access control techniques used to control the number of copies that
can be made of digital recordings or other types of copy-protected
content material. However, it should be understood that the invention
can be used in numerous other access control applications.

FIG. 1 shows an exemplary embodiment of an access control system
100 in which the present invention may be implemented. The access
control system 100 includes an access device 110 having associated
therewith a timer 112 and an access identifier 114, a receiver 120
configured to receive broadcast revoked identifiers 122, and a
replacer 130 which is operative to interact with a local revocation
list 150. In this embodiment, the access control system 100 receives,
e.g., from a playback device 160, a quantity of content controlled
material 165, and if the access identifier 114 is an authorized
identifier, delivers corresponding accessed content material 170,
e.g., to a display device 180.

Generally, the controlled content material 165 is encrypted
material, and the access device 110 within the access control system
100 decrypts the encrypted material to create the accessed content
material 170 for rendering to a user, e.g., for display on the display
device 180. The controlled content material 165 is illustrated in
this embodiment as being provided by the playback device 160, which
could be, e.g., a compact disk (CD) player, digital versatile disk
(DVD) player, or other type of audio or video disc player, a magnetic
tape player, a hard-drive system, etc. The controlled content material
165 may alternatively be provided via a broadcast system, cable
system, satellite system or other service provider, or via a network
connection with the Internet or other type of network. As is common
in the art, the controlled content material 165 may be communicated
among a variety of devices, e.g., to and from a recording device after
being received from a service provider, etc.

The access device 110 provides the accessed content material 170
if and only if a valid access identifier 114 is provided. Generally,
the access identifier 114 is a unique identifier that is associated
with a decryption key and is digitally signed by a special key that is
known only to a "trusted authority," typically an authorized vendor or
manufacturer, or the provider of the service.

The access identifier 114 may, e.g., be contained within a "smart
card" or other type of device that identifies the user, a pre-paid
card-based device that does not identify the user, a set-top box,
computer, television or other device that identifies an account number
for charging fees, etc.

As another example, the access identifier 114 may be a unique
identifier of a manufactured item, such as a recording device, that is
manufactured to enforce agreed upon copy-limit standards, as
discussed, e.g., in U.S. Patent Application Serial No. 09/333,628,
filed June 15, 1999 in the name of inventor Michael Epstein and
entitled "Copy Protection by Ticket Encryption," which is incorporated
by reference herein.

The above-noted trusted authorities publish revocation lists
comprising access identifiers which have been inappropriately used,
and have therefore been revoked. For example, unauthorized copies of
recorded material may contain an access identifier that was used to
originally access the material, lost or stolen card-based devices may
be revoked, etc. The revoked identifiers 122 may be broadcast to
access control system 100 in a variety of forms, and are typically
broadcast via the medium used to convey the content material.

As previously noted, the access control system 100 includes
receiver 120 for receiving the broadcast revoked identifiers 122, and
a local revocation list 150. The local revocation list 150 is
maintained within an electronic memory or other storage device
associated with the access control system 100. The nature of the
receiver 120 will generally depend upon the type of broadcast used to
supply the revoked identifiers 122. For example, the receiver 120 may
be, e.g., a device that extracts the revoked identifiers 122 from the
medium used to convey the controlled content material 165. In such an
arrangement, each published CD or DVD may contain thereon a list of
recent revoked identifiers 122. As another example, the receiver 120
may be a dedicated device that receives the broadcast revoked
identifiers 122 from a broadcast, cable or satellite system provider
via a control channel.

The local revocation list 150 is generally of finite size, and 
eventually will be filled with the received revoked identifiers 122. 

The replacer 130 may therefore be configured to randomly replace a 
previous entry in the list 150 with each received revoked identifier 
122, using the techniques described in U.S. Patent Application Serial 
No. 09/370,489, filed August 9, 1999 in the name of inventor Michael 
Epstein and entitled "Updating a Revocation List to Foil an 
Adversary," which is incorporated by reference herein. By using such 
a random or pseudo-random replacement technique, the likelihood of a 
particular revoked identifier 122 being present in the list 150 is 
more difficult for an adversary to determine. As a result, an 
adversary cannot rely on the mere passage of time, i.e., the dropping 
of older revoked identifiers from a finite-sized list as new 
identifiers arrive, in order to circumvent the local revocation list 
150. 

It should be emphasized that the particular configuration of the
access control system 100 as shown in FIG. 1 is by way of example
only, and that in other embodiments the system 100 may be incorporated
into or otherwise associated with the playback device 160, the display
device 180, or other suitable device. For example, elements or groups
of elements of the system 100 may collectively represent a desktop,
laptop or palmtop computer, a personal digital assistant (PDA), a
television, or a set-top box, as well as portions or combinations of
these and other devices. It should also be understood that the
invention may be implemented in other types of systems. For example,
one or more of the elements of the system 100 may be implemented at
least in part as an application-specific integrated circuit (ASIC),
circuit card or other processor-based device to be incorporated into
or otherwise associated with a television, computer, set-top box or
other device.

FIG. 2 shows an example of a system 200 for broadcasting revoked
identifiers 122 to access control system 100. Published revoked
identifiers 201 are received from one or more trusted authorities via
a receiver 220. The system 200 further includes a selector 230, an
encoder 240 that interacts with transport media 241, and a master
revocation list 250. The published revoked identifiers 201 received
by the receiver 220 are stored in the master revocation list 250,
which is typically substantially larger than the local revocation list
150. For example, the system 200 may be located at a cable system or
other service provider headquarters, or at a disk manufacturing plant,
and the master revocation list 250 may be resident in a database of
virtually unlimited size.

The selector 230 randomly selects published revoked identifiers
201 from the master revocation list 250 for encoding as broadcast
revoked identifiers 122 that are communicated to the remote access
control system 100 via the transport media 241. The encoder 240
encodes the published revoked identifiers that are selected for
broadcasting into a form suitable for the particular transport media
241. For example, the broadcast revoked identifiers 122 may be
broadcast in the form of a signal that is multiplexed onto a broadcast
carrier, encoded on a track of a CD or DVD, included in the header of
a VCR tape, etc. Additional details regarding the operation of the
system 200 are provided in the above-cited U.S. Patent Application of
Michael Epstein entitled "Updating a Revocation List to Foil an
Adversary."

The present invention is directed to techniques for managing
revocation lists such as the above-described local revocation list 150
of the access control system 100. As will be described in greater
detail below, the invention utilizes an additional list, referred to
herein as a contact list, for more efficiently managing revocation
list updates in the presence of modifications or additional devices
attempting to establish communication with the access control system
100.

FIG. 3 shows an example of a contact list 300 which includes a
set of entity identifiers 302 and a set of corresponding revocation
flags 304. The entity identifiers 302 generally include an entity
identifier for each entity which is in communication with the access
control system 100. It is assumed in this embodiment that each of the
entities represents a device that has communicated with the access
control system 100. The term "entity" as used herein should therefore
be understood to include any type of device that may attempt to
establish communications with or otherwise interact with the access
control system 100.

Each row of the contact list 300 stores the identifying
information for a given entity and a corresponding flag specifying if
the entity has been revoked, i.e., is currently present or has
previously been present on the local revocation list 150 of the system
100. For example, the contact list 300 as shown in FIG. 3 includes N
entries, with entity identifiers ID 1, ID 2, . . . ID N and
corresponding flags F1, F2, . . . FN. Each of the flags F1, F2, . . .
FN is assumed in this embodiment to be a binary flag, e.g., it can
either have a particular one of two binary values, referred to as its
"set" value, or the opposite binary value, referred to as its "unset"
value.

The contact list 300 may be implemented in a straightforward
manner in a memory device incorporated in or otherwise associated with
the access control system 100, e.g., it may be implemented in a
portion of the memory used to implement the local revocation list 150.
The particular value of N may vary depending upon the application,
based on factors such as the memory capacity of the access control
system 100. The term "list" as used herein is intended to include a
table or any other arrangement of information that may be stored in a
memory device.

FIG. 4 is a flow diagram illustrating the manner in which the
contact list 300 may be updated after a modification to the local
revocation list 150. In step 410, the local revocation list 150 is
modified, e.g., by replacer 130 in response to receipt of one or more
broadcast revoked identifiers 122. Step 420 then identifies all of
the entities in the contact list 300 that do not have their
corresponding revocation flag set. Step 430 then determines, for each
of the entities identified in step 420 as being on the contact list
300 but not having a set revocation flag, whether that entity is on
the modified local revocation list 150. If such an entity is
determined to be on the modified local revocation list, its revocation
flag is set in the contact list 300, thereby confirming that the
entity is revoked and no further communication will be allowed with
the entity.

FIG. 5 is a flow diagram illustrating the manner in which the
contact list 300 may be updated when an entity not already having its
identifier stored in the contact list attempts to communicate with the
access control system 100. In step 510, an entity which is not
included in the contact list 300 attempts to initiate communication
with the access control system 100. If there is sufficient space in
the contact list 300 for another entity, step 520 stores the
identification information for the new entity, e.g., an entity
identifier, in the contact list 300. Step 530 then determines if the
new entity is on the current local revocation list 150. If it is, the
revoked flag for that entity is set in the contact list, indicating
that the entity is revoked and further communication with that entity
is terminated.

If an entity not already in the contact list 300 initiates
communication with the access control system 100 at a time at which
the contact list is already full, i.e., has exceeded its maximum
number of entries N, then a particular entry in the contact list may
be selected for reuse. In this case, the selected entry in the
contact list 300 is written over by setting its identifying
information to that of the new entity, and then determining its
revocation status as in step 530. The selection of a particular entry
in the contact list 300 for reuse may be implemented using random or
pseudo-random selection processes such as those described in the
above-cited U.S. Patent Application of Michael Epstein entitled
"Updating a Revocation List to Foil an Adversary."

The contact list 300 may be configured such that there is no
mechanism for clearing the revocation flag of a particular entry once
that flag has been set, as long as that entry remains in the contact
list, i.e., is not overwritten as part of the above-described
selection process.

The particular technique used for selecting entries for
overwriting in the manner described above may be configured to favor
selection of entries that have not been revoked. However, there need
not be any absolute rule that only non-revoked or previously revoked
entries can be selected for overwriting.

In addition, the contact list or a suitable portion thereof could 
be secured by generating a digital signature which is updated each 
time the contact list is modified. 
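
The update procedures of FIGS. 4 and 5, the overwrite of a full list, the non-clearable flag and the integrity check can be sketched together as follows. This is an added example and not code from the specification: the class and method names, the 3:1 weighting that favors overwriting non-revoked entries, and the use of HMAC-SHA256 with a device-held key in place of the digital signature are all assumptions, and the identifiers are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets


class ContactList:
    """Contact list 300: entity identifier -> revocation flag, at most N entries."""

    def __init__(self, capacity, local_revocation_list, mac_key):
        self.capacity = capacity                  # N in the text
        self.lrl = set(local_revocation_list)     # local revocation list 150
        self.entries = {}                         # identifier -> flag (True = set)
        self._key = mac_key
        self._rng = secrets.SystemRandom()
        self.tag = self._compute_tag()

    def _compute_tag(self):
        # Assumption: HMAC-SHA256 stands in for the digital signature.
        blob = json.dumps(sorted(self.entries.items())).encode()
        return hmac.new(self._key, blob, hashlib.sha256).digest()

    def verify(self):
        """True if the stored tag still matches the current entries."""
        return hmac.compare_digest(self.tag, self._compute_tag())

    def _check_and_flag(self, ident):
        # The only flag transition is unset -> set; nothing here clears a flag.
        if ident in self.lrl:
            self.entries[ident] = True

    def on_revocation_list_modified(self, new_lrl):
        """FIG. 4. Returns how many entries had to be rechecked."""
        self.lrl = set(new_lrl)                                       # step 410
        unset = [i for i, flag in self.entries.items() if not flag]   # step 420
        for ident in unset:                                           # step 430
            self._check_and_flag(ident)
        self.tag = self._compute_tag()
        return len(unset)

    def _pick_victim(self):
        # Random selection that favors non-revoked entries (assumed 3:1 weights)
        # without an absolute rule, so revoked entries can also be overwritten.
        ids = list(self.entries)
        weights = [1 if self.entries[i] else 3 for i in ids]
        return self._rng.choices(ids, weights=weights, k=1)[0]

    def on_contact(self, ident):
        """FIG. 5 plus the full-list case. Returns True if communication is allowed."""
        if ident not in self.entries:                 # step 510
            if len(self.entries) >= self.capacity:    # list full: reuse an entry
                del self.entries[self._pick_victim()]
            self.entries[ident] = False               # step 520
            self._check_and_flag(ident)               # step 530
            self.tag = self._compute_tag()
        return not self.entries[ident]                # known entity: flag lookup only


def demo():
    # Constructed scenario: ID-7 is revoked, then ages out of the finite local list.
    cl = ContactList(3, {"ID-7"}, b"constructed-demo-key")
    first = [cl.on_contact(i) for i in ("ID-1", "ID-7", "ID-2")]
    rechecked = cl.on_revocation_list_modified({"ID-2", "ID-9"})
    after = [cl.on_contact(i) for i in ("ID-1", "ID-7", "ID-2")]
    return first, rechecked, after, cl.verify()


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario ID-7 remains denied after it has dropped off the local revocation list, because its flag in the contact list stays set, and only the two unflagged entries are rechecked when the list changes.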

It should be noted that a contact list such as that described
above could be stored by each entity in a given set of potentially
communicating entities. In addition, it is possible that a given
entity may store only a portion of a contact list if such an entity
does not have sufficient capacity to store an entire list. In this
case, the level of security provided will generally be less than that
obtained using the full list, but will nonetheless provide significant
advantages over conventional revocation list management.

Advantageously, the present invention substantially improves the
efficiency of the revocation list management process, and thereby
considerably reduces the amount of computation time and other system
resources consumed in access control operations.

As previously noted, the present invention can be implemented in
a wide variety of different systems and devices, such as, e.g., a
set-top box, a computer, a palm-top computing device, as well as portions
or combinations of these and other processor-based devices.

The revocation list maintenance operations described in
conjunction with FIGS. 4 and 5 can be implemented at least in part in
the form of one or more software programs configured for execution
using a conventional processor, e.g., a microprocessor, digital signal
processor, central processing unit, computer, circuit card,
application-specific integrated circuit (ASIC), field programmable
gate array (FPGA), or microcontroller, as well as portions or
combinations of these and other types of processing devices. Such a
processor may be configured in a conventional manner to operate with
one or more memory devices, e.g., an electronic memory, an optical or
magnetic disk-based memory, a tape-based memory, as well as portions
or combinations of these and other types of memory devices.

The above-described embodiments of the invention are intended to
be illustrative only. For example, the invention can be used to
implement revocation list management in a wide variety of
applications, systems and devices other than those described herein.
Numerous alternative embodiments within the scope of the following
claims will be apparent to those of ordinary skill in the art.

Claims

What is claimed is:

1. A method for controlling access to information, the method
comprising the steps of:

maintaining, for a given entity controlling access to the
information, a contact list comprising information identifying one or
more other entities which have attempted to communicate with the given
entity; and

utilizing the contact list in conjunction with a revocation
list associated with the given entity to determine which of at least
a subset of the one or more other entities are authorized to
communicate with the given entity.

2. The method of claim 1 wherein the given entity and at least
a subset of the one or more other entities each comprise a consumer
electronics device.

3. The method of claim 1 wherein the maintaining and utilizing
steps are implemented in an access control system associated with the
given entity.

4. The method of claim 3 wherein the revocation list comprises
a local revocation list stored in the access control system.

5. The method of claim 1 wherein the contact list comprises a
plurality of entries, each entry including at least an identifier of
a particular one of the other entities and a corresponding revocation
flag indicating whether authorization of the particular entity has
been revoked.

6. The method of claim 5 further including the step of updating
the contact list after a modification of the revocation list.

7. The method of claim 6 wherein the step of updating the
contact list after a modification of the revocation list further
includes the steps of:

identifying all of the entities in the contact list that do
not have their corresponding revocation flag set; and

determining, for each of the entities identified as being on
the contact list but not having a set revocation flag, whether that
entity is on the modified local revocation list, and if such an entity
is determined to be on the modified local revocation list, setting its
revocation flag in the contact list.

8. The method of claim 5 further including the step of updating
the contact list if a new entity not already included in the contact
list attempts to communicate with the given entity.

9. The method of claim 8 wherein the step of updating the
contact list if a new entity not already included in the contact list
attempts to communicate with the given entity further includes the
steps of:

storing in the contact list an entity identifier for the new
entity if there is sufficient space available in the contact list; and

determining if the new entity is on the revocation list, and
if it is, setting the corresponding revocation flag for the new entity
in the contact list.

10. The method of claim 9 further including the step of
selecting a particular entry of the contact list for removal from the
contact list if there is not sufficient space available in the contact
list for the new entity.

11. The method of claim 10 wherein the selecting step is
implemented using a random or pseudo-random selection process.

12. The method of claim 5 wherein the contact list is configured
such that the revocation flag of a particular entry may not be cleared
once that flag has been set as long as that entry remains in the
contact list.

13. The method of claim 1 further including the step of
periodically generating a digital signature for at least a portion of
the contact list.

14. The method of claim 13 further including the step of
updating the digital signature each time the contact list is updated.

15. The method of claim 1 wherein each of at least a subset of
the other entities stores a contact list having entries corresponding
to entities which have attempted to communicate with those other
entities.

16. An apparatus for controlling access to information, the
apparatus comprising:

a processor-based device for controlling access to the
information, wherein the processor-based device is operative to
maintain a contact list comprising information identifying one or more
other entities which have attempted to communicate with the
processor-based device, and to utilize the contact list in conjunction with a
revocation list associated with the given entity to determine which of
at least a subset of the one or more other entities are authorized to
communicate with the processor-based device.

17. An article of manufacture comprising a machine-readable
storage medium containing one or more software programs for use in
controlling access to information, wherein the programs when executed
implement the steps of:

maintaining, for a given entity controlling access to the
information, a contact list comprising information identifying one or
more other entities which have attempted to communicate with the given
entity; and

utilizing the contact list in conjunction with a revocation
list associated with the given entity to determine which of at least
a subset of the one or more other entities are authorized to
communicate with the given entity.

Abstract

Access to information is controlled by maintaining, for a given
device or other entity through which information may be accessed, a
contact list that includes information identifying one or more other
entities which have attempted to communicate with the given entity.
In accordance with the invention, the contact list is utilized in
conjunction with a revocation list stored in a memory associated with
the given entity in order to determine which of the other entities are
authorized to communicate with the given entity. The contact list
includes a number of entries, each entry having at least an identifier
of a particular one of the other entities and a corresponding
revocation flag indicating whether the particular entity has been
revoked. The contact list is updated after a modification of the
revocation list, or if a new entity not already included in the
contact list attempts to communicate with the given entity.
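The bookkeeping described in the abstract, shown as an added example that is not part of the patent text: a contact list of (identifier, revocation flag) entries that is updated when a new entity makes contact and when the revocation list is modified. The class and method names, the device identifiers, and the rule that flags are set but never cleared are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class GivenEntity:
    """The access-controlling entity, holding both lists from the abstract."""
    revocation_list: set = field(default_factory=set)
    # Contact list: identifier -> revocation flag (True means revoked).
    contact_list: dict = field(default_factory=dict)

    def attempt_contact(self, entity_id: str) -> bool:
        """Record a communication attempt; return True if authorized."""
        if entity_id not in self.contact_list:
            # New entity: add an entry and set its flag from the revocation list.
            self.contact_list[entity_id] = entity_id in self.revocation_list
        return not self.contact_list[entity_id]

    def modify_revocation_list(self, new_list) -> list:
        """Install a modified revocation list and update the contact list.

        Assumption: flags are only set here, never cleared (fail closed);
        the abstract does not say how a revocation would be withdrawn.
        Returns the identifiers whose flag changed.
        """
        self.revocation_list = set(new_list)
        newly_revoked = sorted(
            eid for eid, flag in self.contact_list.items()
            if not flag and eid in self.revocation_list
        )
        for eid in newly_revoked:
            self.contact_list[eid] = True
        return newly_revoked


def demo() -> dict:
    # Constructed identifiers, for illustration only.
    player = GivenEntity(revocation_list={"dev-0002"})
    results = {
        "first_a": player.attempt_contact("dev-0001"),
        "first_b": player.attempt_contact("dev-0002"),
    }
    results["changed"] = player.modify_revocation_list({"dev-0001", "dev-0003"})
    results["second_a"] = player.attempt_contact("dev-0001")
    results["second_b"] = player.attempt_contact("dev-0002")
    results["contacts"] = dict(player.contact_list)
    return results
```

Only entities that have actually made contact get an entry, so `dev-0003` appears in the revocation list but not in the contact list.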
Attorney's Docket No.

PHA 23.871

As a below named inventor, I hereby declare that:

My residence, post office address and citizenship are as stated below next to my name.

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first and joint inventor (if plural names are listed below) of the subject matter which is claimed and for which a patent is sought on the invention entitled METHOD AND APPARATUS FOR REVOCATION LIST MANAGEMENT the specification of which (check one)
X is attached hereto.



was filed on
as Application Serial No.
and was amended on _ (if applicable).

I hereby state that I have reviewed and understand the contents of the above-identified specification, including the claims, as amended by the amendment(s) referred to above.

I acknowledge the duty to disclose information which is material to the patentability of this application in accordance with Title 37, Code of Federal Regulation,

I hereby claim foreign priority benefits under Title 35, United States Code, § 119 of any foreign application(s) for patent or inventor's certificate listed below and have also identified below any foreign application for patent or inventor's certificate having a filing date before that of the application on which priority is claimed:



COUNTRY | APPLICATION NUMBER | DATE OF FILING (DAY, MONTH, YEAR) | PRIORITY CLAIMED UNDER 35 U.S.C. 119

I hereby claim the benefit under Title 35, United States Code, § 120 of any United States application(s) listed below and, insofar as the subject matter of each of the claims of this application is not disclosed in the prior United States application in the manner provided by the first paragraph of Title 35 United States Code, § 112, I acknowledge the duty to disclose material information as defined in Title 37, Code of Federal Regulations, §1.56(a) which occurred between the filing date of the prior application and the national or PCT international filing date of this application:





FILING DATE | STATUS (PATENTED, PENDING, ABANDONED) | APPLICATION SERIAL NUMBER

further that these statements were made with the knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code and that such willful false statements may jeopardize the validity of the application or any patent issued thereon.

POWER OF ATTORNEY: As a named inventor, I hereby appoint the following attorney(s) and/or agent(s) to prosecute this application and transact all business in the Patent and Trademark Office connected therewith, (list name and registration number)
^igy Tamoshunas, Reg. No. 27,677 
t&k E. Haken, Reg. No. 26,902 



SEND CORRESPONDENCE TO: 
Corporate Patent Counsel; 

U.S. Philips Corporation; 580 White Plains Road; Tarrytown, NY 10591 



DIRECT TELEPHONE CALLS TO: 
Tony E. Piotrowski, Reg. 42,080 
Telephone: (914)333-9609 



Dated:

Inventor's Signature:


Full Name of Inventor: Last Name: PASIEKA; First Name: Michael; Middle Name: S.
Residence & Citizenship: City: Thornwood; State or Foreign Country: NY; Country of Citizenship:
Post Office Address: Street: 60 Eton Road; City: Thornwood; State or Country: NY; Zip Code: 10594
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
In re Application of Atty. Docket 

MICHAEL S. PASIEKA PHA 23,871 

Serial No. Group Art Unit: 

Filed: CONCURRENTLY Examiner: 

Title: METHOD AND APPARATUS FOR REVOCATION LIST MANAGEMENT 

Honorable Commissioner of Patents and Trademarks 
Washington, D.C. 20231 

APPOINTMENT OF ASSOCIATES 

Sir: 

The undersigned Attorney of Record hereby revokes all
prior appointments (if any) of Associate Attorney(s) or Agent(s) in
the above-captioned case and appoints:
Tony Piotrowski (Registration No. 42,080)

(Registration No. ) and

(Registration No. )
c/o U.S. PHILIPS CORPORATION, Intellectual Property Department, 580
White Plains Road, Tarrytown, New York 10591, his Associate
Attorney(s)/Agent(s) with all the usual powers to prosecute the
above-identified application and any division or continuation
thereof, to make alterations and amendments therein, and to
transact all business in the Patent and Trademark Office connected
therewith.

ALL CORRESPONDENCE CONCERNING THIS APPLICATION AND THE 
LETTERS PATENT WHEN GRANTED SHOULD BE ADDRESSED TO THE UNDERSIGNED 
ATTORNEY OF RECORD. 

Respectfully, 



:k E. Haken, Reg. 26,902 
Attorney of Record




Dated at Tarrytown, New York 
this December 7, 1999 